[webkit-dev] Do we need a "webkitBackground" property for XMLHttpRequest?
Adam Barth
abarth at webkit.org
Tue Jul 24 02:58:00 PDT 2012
I don't think we should add this property. Instead we should not ever
present HTTP auth dialogs for any requests other than the main
resource for the top-level frame. Presenting HTTP auth dialogs in
other contexts is a phishing risk.
Adam
On Tue, Jul 24, 2012 at 2:47 AM, xuewen <xuewen.wang at torchmobile.com.cn> wrote:
>
> When we send XMLHttpRequest to access search engines or it is sent from
> chrome extensions, we may do/don't want the browser to show the
> authentication challenge dialog. Should we provide a property to give a
> choice to users such as the "webkitBackground"?
>
> Please see the bug https://bugs.webkit.org/show_bug.cgi?id=91964
>
> If we totally disable XHR popping up the challenge dialogs, then how can the
> user request the resource using XHR from the sites across origins and
> requiring authentications? Or will this operation be disallowed in the
> future?
>
> One way is to show a form by javascript to ask for the credentials in its
> "onReadyStatusChange" and resend it by XHR. Is this the reason to totally
> disable the XHR popping up challenge dialogs?
>
> Sean Wang
More information about the webkit-dev
mailing list